Controlling the tasks users can perform

You can control the tasks users can perform on database objects (such as creating, modifying, executing, updating, and so
on) by granting permissions. You can control the administrative tasks (such as backing up, profiling, and so on) that a user
can perform by granting authorities.

You grant permissions and authorities using the GRANT statement. For permissions, you can also delegate permission granting
privileges on an object to other users.

The REVOKE statement is the opposite of the GRANT statement—any permission that GRANT has explicitly given, REVOKE can take
away. Revoking CONNECT from a user removes the user from the database, including all objects owned by that user.